This problem is driving me crazy. I configured a jail to stop excessive HTTP POST requests to my web server.
The fail2ban server seems to accept my new jail, but nothing takes effect on the fail2ban server.
The following is part of my jail.local configuration (sshd in fail2ban works perfectly, by the way).
#global setting
bantime = 1h
findtime = 1h
maxretry = 5
backend = systemd
banaction = firewallcmd-rich-rules[actiontype=]
banaction_allports = firewallcmd-rich-rules[actiontype=]
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[webpost]
enabled = true
filter = webpost
logpath = /var/log/message
Below is webpost.conf in the filter.d/ folder:
[Definition]
failregex = ^.*myserver python3.6\[.*\]: <HOST> - - \[.*\] ".*POST \/enquiry HTTP.*".*-$
ignoreregex =
datepattern = ^%%b %%d %%H:%%M:%%S
The fail2ban regex test is working; the result is as follows:
fail2ban-regex /var/log/messages /etc/fail2ban/filter.d/webpost.conf
Running tests
=============
Use failregex filter file : webpost, basedir: /etc/fail2ban
Use datepattern : ^%b %d %H:%M:%S : ^MON Day 24hour:Minute:Second
Use log file : /var/log/messages
Use encoding : UTF-8
Results
=======
Failregex: 115 total
|- #) [# of hits] regular expression
| 1) [115] ^.*myserver python3.6\[.*\]: <HOST> - - \[.*\] ".*POST \/enquiry HTTP.*".*-$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [115989] ^MON Day 24hour:Minute:Second
`-
Lines: 115989 lines, 0 ignored, 115 matched, 115874 missed
[processed in 2.65 sec]
The fail2ban log also shows that everything loaded and worked fine.
2023-09-07 17:27:09,868 fail2ban.filtersystemd [969]: NOTICE [webpost] Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons.
2023-09-07 17:27:10,061 fail2ban.filtersystemd [969]: INFO [webpost] Jail is in operation now (process new journal entries)
2023-09-07 17:27:10,063 fail2ban.jail [969]: INFO Jail 'webpost' started
After sending many HTTP POST requests to my website, it seems fail2ban did not detect any of the HTTP POSTs from the /var/log/message file. fail2ban only detects the sshd attempts. The webpost jail detects NO posts at all!
2023-09-07 17:36:46,206 fail2ban.filter [969]: INFO [sshd] Found 180.101.88.228 - 2023-09-07 17:36:45
2023-09-07 17:36:48,739 fail2ban.filter [969]: INFO [sshd] Found 180.101.88.228 - 2023-09-07 17:36:48
2023-09-07 17:36:52,034 fail2ban.filter [969]: INFO [sshd] Found 180.101.88.228 - 2023-09-07 17:36:51
2023-09-07 17:36:55,241 fail2ban.filter [969]: INFO [sshd] Found 180.101.88.228 - 2023-09-07 17:36:54
2023-09-07 17:37:57,290 fail2ban.filter [969]: INFO [sshd] Found 180.101.88.228 - 2023-09-07 17:37:56
2023-09-07 17:37:57,769 fail2ban.actions [969]: NOTICE [sshd] Ban 180.101.88.228
2023-09-07 17:37:57,795 fail2ban.filter [969]: INFO [pam-generic] Found 180.101.88.228 - 2023-09-07 17:37:57
2023-09-07 17:37:59,280 fail2ban.filter [969]: INFO [sshd] Found 180.101.88.228 - 2023-09-07 17:37:58
I don't know where the problem is.
Answer 1
fail2ban.filtersystemd [969]: NOTICE [webpost] Jail started without 'journalmatch' set...
Your default backend seems to be systemd, which means it will monitor the system journal, not the log path.
Just add backend = auto to the jail:
[webpost]
...
logpath = /var/log/message
+ backend = auto
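As an added example (not code from the question or the answer), the following Python script replays what the webpost filter will do once the jail actually reads /var/log/messages: it expands <HOST> in the question's failregex, parses the syslog timestamp with the same date pattern, and applies the global maxretry = 5 / findtime = 1h window to constructed log lines. The IPv4-only <HOST> expansion and the year assigned to the syslog dates are assumptions.

```python
import re
from datetime import datetime, timedelta

# failregex and datepattern as in the question's filter.d/webpost.conf
FAILREGEX = r'^.*myserver python3.6\[.*\]: <HOST> - - \[.*\] ".*POST \/enquiry HTTP.*".*-$'
DATE_RE = re.compile(r'^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})')
# fail2ban expands <HOST> to its own host group; an IPv4-only group is assumed here
FAIL_RE = re.compile(FAILREGEX.replace('<HOST>', r'(?P<host>(?:\d{1,3}\.){3}\d{1,3})'))

def parse_line(line, year=2023):
    """Return (timestamp, host) if the line is a failregex hit, else None."""
    d = DATE_RE.match(line)
    m = FAIL_RE.match(line)
    if not (d and m):
        return None
    # syslog pads single-digit days with an extra space; collapse it before strptime
    ts = datetime.strptime(' '.join(d.group('ts').split()), '%b %d %H:%M:%S')
    return ts.replace(year=year), m.group('host')

def find_bans(lines, maxretry=5, findtime=timedelta(hours=1)):
    """Replay fail2ban's counting: ban a host once it has maxretry hits within findtime."""
    recent, banned = {}, []
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue
        ts, host = hit
        # keep only hits still inside the findtime window, then add this one
        window = [t for t in recent.get(host, []) if ts - t <= findtime] + [ts]
        recent[host] = window
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

def make_line(ts, host, verb='POST'):
    # Constructed /var/log/messages line in the shape the question's failregex expects
    return (f'{ts} myserver python3.6[1234]: {host} - - [07/Sep/2023 {ts[-8:]}] '
            f'"{verb} /enquiry HTTP/1.1" 200 -')

SAMPLE_LOG = [  # constructed sample input, not a real log
    *[make_line(f'Sep  7 10:0{i}:00', '198.51.100.7') for i in range(4)],
    make_line('Sep  7 12:00:00', '198.51.100.7'),              # 5th hit, but outside findtime
    make_line('Sep  7 17:30:01', '203.0.113.10'),
    make_line('Sep  7 17:30:40', '203.0.113.10', verb='GET'),  # not a POST: no hit
    *[make_line(f'Sep  7 17:3{i}:00', '203.0.113.10') for i in range(1, 5)],
]

if __name__ == '__main__':
    print(find_bans(SAMPLE_LOG))  # ['203.0.113.10']
```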